CPRA compliance

Get ready for the California Privacy Rights Act (CPRA)
Understand how CPRA will impact your business and digital activities, and how Didomi can help solve key challenges.

What to expect
July 2023: CPRA enforcement begins

California consumers have new rights:
Opt-out of the sharing or selling personal information, including third-party advertising. Opt-in is required for Sensitive Personal Information, including geolocation.
Correct and delete their personal data. Businesses sharing this data are also obliged to notify third parties of any consumer amend/delete requests.
Know how long a business intends to retain each category of their personal information, and/or the criteria used for determining retention periods.
Opt-out of a business’s use of “automated decision-making technology,” including consumer profiling.

As a business, you have new obligations
Display a privacy notice informing consumers of personal information collection.
Provide users with a way to exercise their rights (i.e., processing Data Subject Requests aka DSAR).
Keep data collected to a minimum, and limit purposes for collection.
Carry out risk assessments and fulfill cybersecurity requirements.

Financial and reputational risks for a business:
Fines up to $7,500 per intentional violation / per impacted user = potentially millions.
Fines up to $2,500 per unintentional violation.
Reputation and loss of trust (40% of consumers would switch brands after a negative privacy experience*).
CPRA eliminates the 30-day cure period for correcting violations offered under the CCPA, its predecessor.
* source: Google/IPSOS
Learn more about CPRA

-1-1.png)

What is the digital impact of CPRA?

CPRA - METRICS
Impact on analytics
If users opt out of your CPRA privacy notices, you cannot measure analytics performance (sessions/sales) or share data across your MarTech ecosystem.
Important: server-side tracking is not exempt. If users opt-out, you’ll need to calculate performance with data modelling.

CPRA - MARKETING
Impact on media performance
As a business, your ability to run remarketing audiences depends on users agreeing to your CPRA privacy notices and staying opted in to processing their personal data.
If users opt out, you cannot track conversions, resulting in lower in-platform performance and fewer data points for AI optimization.
If you are a site publisher, you won't be able to maximize advertising revenue if users opt out.

CPRA - UX
Impact on user experience
Mapping out the customer journey is much harder if users opt-out of CPRA notice.
Gaining user trust is the key, ensuring their choices are respected and giving them simple and transparent ways to access their data at all times.
Clear language, reliable technology and attractive interfaces help to avoid bounce (i.e., when users leave a website due to confusing or off-putting privacy notices).
Didomi helps you manage requirements
for CPRA and privacy laws worldwide.

ANY DEVICE, ANY ENVIRONMENT
Consent management
Ensure user choices and transparency in all countries and devices.
Create privacy notices that reflect your brand while easily managing your site vendors and purposes.
Generate proofs of consent in a few clicks, from a single source of truth.
Measure and optimize consent rates with advanced Analytics.
Detect, apply and respect Global Privacy Control (GPC).

DSAR MADE EASY
Streamlined fulfilment of Privacy Requests
No more manual handling of requests.
Intuitive processes that reassure website users and ease the burden on your own team.
Monitoring of key metrics to optimize your DSAR flow and improve spend per request and turnaround time.

